Sr. IT Compliance Analyst

SUMMARY:
The Senior IT Compliance Analyst will be responsible for ensuring a strong internal control environment through the development of policies and procedures, ensuring implementation, and monitoring compliance.  The position will work to foster standardization and consistency across business processes.

The ideal candidate is a critical thinker with an interest in building and improving an organization’s internal control environment. They are organized with excellent analytical and problem-solving skills. 

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Provide independent assessments of the control environment over IT infrastructure, systems, and data through the execution of risk analysis, control evaluation, and innovative audit testing procedures. 
• Deliver  adequate  and  timely  reporting  on  the  internal  control  framework  and  control deficiencies.
• Conduct CCPA compliance reviews; partner with control owners to track and report on remediation of identified deficiencies.
• Assist IT teams with the development of policies, standards, procedures, and guidelines.
• Maintain databases used for internal control documentation and testing efforts.
• Actively  seek  standardization  and  automation,  apply  and  implement  best  practices  for managing internal controls and deploy innovative technology where possible to enhance and continuously improve the design and operating effectiveness of controls.
• Develop  and  conduct  adequate  training  on  internal control objectives, approach and methodology to business partners on a regular basis to build knowledge and understanding of risks and controls.
• Keep abreast of company policies and procedures, current developments in technology and auditing professions, and regulatory changes.
• Develop an awareness of changes in IT audit practices, regulatory requirements, and IT Risk frameworks to understand their impact to Auditing (e.g. NIST Cyber, COSO, COBIT, ISO2700x).

REQUIREMENT/SKILLS:

• Proven technical and business acumen in a corporate environment.
• Solid understanding and experience with internal control frameworks.
• Strong analytical, organizational, conflict resolution and negotiation skills.
• Strong experience and interest for how technology and systems can support internal control effectiveness and efficiency.
• Strong communication skills needed in presenting control and risk matters in an understandable way across various forums and levels of the organization with the right level of detail. 
• Ability to operate when requirements are not clear and manage dynamic changes to environments

EDUCATION AND/OR EXPERIENCE:  

• Bachelor's degree required.
• 6 to 8 years relevant work experience specific to Risk Management/Security/ITGC Controls.
• Data Protection/Data Loss Prevention Experience preferred.
• Process Automation Experience preferred.
• Experience and knowledge of GRC tools and systems preferred.
• Certified Information Systems Auditor certification required.

PHYSICAL DEMANDS:

• Physical demands are consistent with a professional office setting.
• Regular sitting at work station for 25 - 75% of the work shift.
• Frequent standing and walking.
• Travel up to 10% required.

Equal Opportunity Employer – Veterans/Disability